Interview with smelly__vx, founder of vxunderground specially for Russian OSINT
Website: https://twitter.com/vxunderground
Founder's Twitter: https://twitter.com/smelly__vx
What is vx-underground? It is an online marketplace where you can find various collections of malware, virus samples and unique articles. Let's try to chat with the founder of vx-underground, also known as smelly__vx. Why does he collect and publish all this stuff for free? Let's find out.
Russian OSINT: How would you describe yourself in a few words? Who are you?
smelly__vx: I am smelly__vx. Creator of vx-underground. No one special.
Russian OSINT: Is there any interesting story behind this project and how it was launched?
smelly__vx: In the 1980s people used to meet on BBS in 'VXs', virus exchanges. They would share virus ideas, concepts, and samples. Many VX BBSes came and went. However, in 1999-ish Vx Heaven was established, the sort of go-to place for computer malware. It was made by a Ukrainian man under the alias herm1t. Sadly Vx Heaven shut down in 2014. We are the successor of Vx Heaven. vx-underground was made in 2019. There was a void on the internet. There was no central place for malware stuff. After I asked around I realized no one was doing it. So, I started it.
Russian OSINT: How many people are involved in the project? Do you share similar values and beliefs with other members of your community?
smelly__vx: A few people help me. We have our host, TCP.direct. We were banned from everywhere on the internet. Luckily, TCP.direct came in to offer us bulletproof hosting.
Then we have our staff: Duchy, Bane, Deadlock. These people came forward because they also love malware and believe information for it should be free.
Russian OSINT: Who is your main contributor for developing this project?
smelly__vx: That is a difficult question to answer. We aggregate malware papers from all over the internet. Our largest collection from a single person is malware analyst Hasherezade. She has 180+ papers on malware analysis.
Russian OSINT: In the description of your channel on Twitter: "website represents largest collection of malware samples, viruses and articles". So why does it make sense from a commercial point of view to keep this project alive?... I actually haven't seen much of donations
smelly__vx: We do not do this for money. We do this because we value freedom of information (in regards to malware). Universities do not teach malware development, malware papers are scattered all across the internet. Malware is seen as the boogeyman. We do not like this. We do this for a cause we believe in. If we make money from it, this is good. If we do not, that is okay too.
Russian OSINT: Is it true that earnings from donations cover all the costs for hosting the website and bring in at least $1000 / month?
smelly__vx: Donations do 'sort-of' cover our costs. On occasion I have had to pay for things out of my own pocket. We do not make $1000/month lol. In 2020 we made approx. $6000.
Russian OSINT: How do you get samples which are not public? (VT, Hybrid, Triage)
smelly__vx: We have about 5 or 6 people with enterprise VT accounts. They often share samples with us. On rare occasions someone may 'leak' us a malware sample.
Russian OSINT: Are you working now for reputation in order to make vx commercial in the future, or will it always be free?
smelly__vx: We have no intention of commercializing vx-underground.
Russian OSINT: Is there any strategy you have to bring more traffic to your website?
smelly__vx: We get a lot of traffic. Despite not advertising we receive 30TB of web traffic a month. Approx. 4 million views on Twitter. 7,000 unique visitors a day to the website. vx-underground is referenced and used for material in several universities across the world. We have also seen some ransomware groups using our techniques. Haha
Russian OSINT: You have great experience in the analysis of different samples, can you name the top-5 most sophisticated malware? Which ones have impressed you the most and why?
smelly__vx: I liked the USA's Stuxnet, it used a novel 0day, was first of its kind in the wild to target an ICS. I like the RIS's BlackEnergy virus - they took down the Ukrainian power grid. This was impressive. I also liked MetaPHOR, a metamorphic mutation engine by The MentalDriller. Virlock, the polymorphic ransomware, was cool, it was the first polymorphic ransomware seen in the wild. I also enjoyed the ransomware that targeted male chastity belts haha. It ransomed people's penises.
Russian OSINT: If I am a newbie, what can I learn from your website? What can you advise in a few words to start?
smelly__vx: You can learn many things, evasion techniques, theory, etc. We have 48,000+ unique malware source codes and 400+ papers and 4,800,000 malware samples. To start though? Learn C haha or read old papers from our Vx Heaven archive.
Russian OSINT: Are there any people in your community who can help in jabber/matrix with questions/answers?
smelly__vx: No. However, I am always available to talk.
Russian OSINT: I saw an interesting article from the XSS forum on your website called E-zine. Do you know the admin of this forum? What is your opinion about XSS?
smelly__vx: We added XSS's zine, I believed it was important to save it. I do not know the admin of XSS. As far as the marketplace of XSS, I am indifferent. It is not my job to patrol XSS. I am not law enforcement. They are free to do as they like. I need to go through the forum and find articles to add to the vx-underground paper collection.
Russian OSINT: What do you think in general about Russian-speaking hackers? Are they different from others? Are they good at creating malware and viruses?
smelly__vx: Yes, Russians are very different. Americans (North and South America) are very chatty. Russians can be very direct. They can be very business oriented. They also tend to not be friendly to me because I am American. One time I was accused of being Brian Krebs. Another time I was called NSA or FBI sponsored. Hahahahaha
Russian OSINT: Are you planning to upload lockers (ransomware samples) on your website?
smelly__vx: We have thousands of ransomware samples on the website. Example: https://vxug.fakedoma.in/samples/Block.0000.txt has 52 samples. We also have some ransomware source codes on GitHub: https://github.com/vxunderground/MalwareSourceCode/tree/main/Python
Russian OSINT: Can you name your favorite top-3 resources on the darkweb, where you get to know all the news?
smelly__vx: I do not visit 'the darkweb' very often haha. Normally people from 'the darkweb' contact me and tell me things.
Russian OSINT: On the clearnet, what do you read on a daily basis about cybersec news?
smelly__vx: Twitter lol
Russian OSINT: What do you think about ransomware worldwide trends? Is it gonna get worse?
smelly__vx: That is difficult to answer. Microsoft announced they will be introducing sandboxes to MS office. Malicious macros are a big source of ransomware attacks. This will impact business. They will need to evolve and become more sophisticated as security solutions adapt to their methods.
Russian OSINT: Whom do you read on Twitter? Who inspires you the most?
smelly__vx: I seriously watch maybe 30 people or so. Kaspersky GReAT, WeLiveSecurity, 0gtweet, jackson_t, TheXC3ll, ModExp, Jonas L, to name a few
Russian OSINT: Is it true that sometimes competing APTs share samples with you in order to make them publicly known and sink competitors?
smelly__vx: No haha
Russian OSINT: 240,000 malware samples. I saw this post yesterday. How come you got such a large collection of samples? Tell me a secret)
smelly__vx: We aggregate them from various places. Sometimes public malware feeds, sometimes private ones. It is no secret and nothing special.
Russian OSINT: As an independent researcher, is it true or a myth that the biggest antivirus companies create their own viruses to startle companies and provide them with defensive solutions against them?
smelly__vx: Maybe initially, but now cyber crime is too big. This would not make sense.
Russian OSINT: Do you know who is responsible for the attack on CD Projekt Red?
smelly__vx: No
Russian OSINT: What are the plans for 2021?
smelly__vx: Keep adding content, maybe try to talk to the admins of XSS. I am curious what they are doing on the other side of the world.
Russian OSINT: Is there any other project you are involved in? Anything else besides VX-underground?
smelly__vx: No, I am boring haha
Russian OSINT: Why did you choose the cybersec industry?
smelly__vx: I did not choose cybersecurity.
I initially was a software engineer. I was a software engineer for many years. Only recently I transitioned into cybersecurity. I transitioned because I wanted to write malware and research new malware ideas.
Russian OSINT: What can you advise for beginners in cybersec?
smelly__vx: Just do something. Stop talking.
https://twitter.com/russian_osint